e-Document Approval & Workflow

Organisations need to exchange documents for the purpose of sign-off and approval either with internal employees or external parties.

Such documents include sales contracts, HR documents like expense sheets, mortgage documents, insurance claim forms, consultancy reports and others. Typically there is a document owner who uploads and identifies who needs to approve the document and in which order. The document management system then conducts the workflow notifying each user that they need to provide approval and tracking the process through to completion.

Most current document management systems use a simple approve button to indicate approval – however, this provides little proof later that a particular user indeed signed-off on a document. Approval should instead be given using digital signatures which add trust, integrity, assurance, traceability and auditability to ensure legal compliance.

There are two approaches to integrating a secure e-document approval and workflow system:

Organisation already has a Document Management System (DMS):

Many organisations have already deployed commercial Document Management Systems like Microsoft SharePoint® or Xerox DocuShare. In such cases Ascertia recommends the integration of ADSS Go>Sign Desktop for secure document viewing and sign-off, and ADSS Server for controlling the process and verification of digital signatures. The ADSS Server / Go>Sign Client combination has already been integrated by us and our partners with a range of Document Management Systems and more can usually be added easily because of the ADSS Server’s simple XML/SOAP web services interfaces.

Organisations without a DMS:

In this scenario Ascertia recommends the use of SigningHub. This is a specialist document approval and workflow application developed by Ascertia which comes pre-integrated with ADSS Server and Go>Sign Desktop. Click here for further information on SigningHub

SOLUTION DESCRIPTION

As each person reviews documents within their ERP, CRM, ECM or other application, a signature can be applied using ADSS Server and Go>Sign Client. Note: viewing a document can also be performed by Go>Sign Service – this presents a flat PDF image of the document, so that all the details can be reviewed before signing.

With this solution the signature can be created in various ways:

SigningHub.com is our public cloud-hosted instance of the SigningHub product. The product can be licensed for in-house or private cloud service also. For full details of this cloud-signing service visit SigningHub.com. Note SigningHub can cater for both server-side signing, local client-side signing (SSCD) or mobile signing. SigningHub provides the ability to workflow the document to multiple users for sign-off purposes and to track the document status. Signers are notified via email alerts. SigningHub can be easily integrated within any web application using iFrames.

Using client-side signing by ADSS Go>Sign Client – this can also be installed automatically and silently using standard deployment technologies like Microsoft Active Directory Group Policies etc. It can access locally held keys to sign documents presented by the server or even files held locally that need to be signed and uploaded. Go>Sign Client can also use roamed credentials supplied by ADSS Server, i.e. virtual smartcards.

Using keys held securely on the ADSS Server on behalf of end-users – the business application can easily register users on the ADSS Server and then request ADSS Server to sign data after the user has authorised this action

Using thick desktop software such as PDF Sign&Seal.

User keys on the desktop – accessed by ADSS Go>Sign Desktop

Go>Sign Desktop

Using signatures and timestamps, documents can be shown to have existed, been processed, been accepted, been notarised by a particular individual, system and/or organisation at a proven date and time.

WHY ASCERTIA?

There are many reasons for choosing Ascertia’s digital signature products for e-document approval projects. These include:

Apply electronic (digital) signatures to any type of document

Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these. The products support PDF, XML, PKCS#7, CMS, S/MIME and PKCS#1 signatures as required to sign business documents. German and other country qualified certificates can be used to provide advanced electronic signatures.

Long-term signatures

Ascertia is a clear leader in creating long-term signatures – these can be verified many years in the future, an essential requirement for most government related data. ADSS Server supports ETSI XAdES and CAdES as well as the latest PAdES (PDF format) profiles.

Verify existing electronic (digital) signatures to any type of document

Ascertia has the widest support for verification of digital signature formats as mentioned above. It also provides enhanced OASIS DSS-X Verification Reports and PEPPOL based quality ratings for signatures and associated certificates. All of this evidential information can be stored as metadata with the data objects being archived for later use.

Multiple Signing Options

Different applications have different needs for how signatures are created. Some require server-side batch-signing features, some require signatures to be created locally by users that have eID smartcards or secure USB tokens. Others even want key and certificate roaming solutions that offer virtual “smartcards”. Ascertia’s ADSS Server and Go>Sign Desktop already provide all these options and more.

Multi-platform support

Organisations cannot control which systems and browsers end-users will work with when submitting documents. It is essential digital signature and encryption solutions work on any platform with any browser and support multi-lingual capability. Go>Sign Desktop supports all Windows platforms as well as many Linux versions and has also been tested in various browsers.

Authorising Server-Side Signatures

Many organisations feel uncomfortable about performing corporate (or department) signatures using keys held on the server and not under the control of a particular individual employee. To relieve this concern Ascertia has implemented its unique authorising mechanism for server-side signatures which allows one or more authorisers to apply a personal signature to a document which is verified first by ADSS Server before applying a corporate signature. For further details see this white paper

Multiple Integration Options

ADSS Enterprise Server can be easily integrated with any business document production environment using our Watched Folder application called Auto File Processor, or our high-level Java and .NET ADSS Client SDKs or via direct XML/SOAP web service calls or even email integration using Secure Email Server

High Performance, Scalability & Security

ADSS Server can be run in load-balanced configuration to sign millions of documents in an automated manner. All signature operations can be conducted in a secure Hardware Security Module (HSM) and multiple HSMs can be connected for performance and resilience purposes. All signing operations are securely logged in ADSS Server database

More than just digital or electronic signatures

Digital signature creation is only one part of the solution – there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in one multi-function server. All these services are based on leading industry standards including OASIS DSS & DSS/X (singing, verification and encryption), RFC 3161 (timestamping), IETF LTANS (archiving), RFC 6960 (OCSP validation), RFC 5055 (SCVP validation), W3C XKMS (validation), etc.